PRUDENTIAL ASSOCIATES


GOVERNANCE & COMPLIANCE


Assessment of security controls using NIST Cybersecurity Framework (CSF)

As the variety and volume of cybercrimes grow each year, cybersecurity investigations have become both more common and more critical. The investigative process consists of examining, analyzing, and recovering critical data from the network(s) involved in an attack in order to identify the perpetrators. An investigation includes the following:

Analyzing Malware: "Malware analysis" refers to the process by which the purpose and functionality of given malware samples are analyzed and determined. Information from a malware analysis provides insight into developing effective detection techniques for the malicious code. Additionally, it is an essential step in developing efficient tools that can remove the malware from an infected system.

Digital and Forensic Investigation: Digital forensics is a branch of forensic science focused on the recovery and investigation of artifacts found on digital devices. Any device that stores data (e.g., computers, laptops, smartphones, thumb drives, memory cards, external hard drives, etc.) falls within the ambit of digital forensics.

Cyberstalking Investigations: Cyberstalking involves the use of electronic communication devices to threaten, harass, or otherwise stalk an individual. Prudential Associates has several tactical options and numerous resources that may be productive in these matters. Prudential Associates can assist with all stages of a cyber investigation, including:

  • Situational assessment and background check.
  • Conducting the initial investigation, beginning with information gathering. Questions we aim to answer include:
    • Were these crimes limited to US jurisdiction?
    • What evidence is there to collect?
    • Where might the physical and digital evidence be located?
    • Does any of the evidence need to be photographed/preserved immediately?
    • How can the evidence be preserved and maintained for court proceedings?
  • Identifying possible evidence, which includes collecting digital evidence.
  • Securing devices and obtaining necessary court orders.
  • Analyzing results with a prosecutor and concluding the investigation.

Assessment of security controls using NIST Risk Management Framework (RMF)

Leveraging NIST's Cybersecurity Framework (CSF), developed in 2013, Prudential Associates can provide an assessment of an organization's business processes, systems, and controls. The CSF is divided into three parts: the Framework Core, Implementation Tiers, and Profiles. Using our multi-part assessment, our team of experts will review the people, processes, and technologies constituting your current IT security plan, conduct interviews with key stakeholders, and perform a detailed gap analysis between the client's current security levels and the CSF standards.

Upon completion of our assessment, Prudential will provide a detailed analysis of how the client's data security program compares to the CSF. This analysis includes, but is not limited to: an executive summary report, a detailed assessment report, a corrective action plan, and work instructions. By choosing Prudential Associates to perform this assessment, clients gain decades of experience to rely upon and a thorough understanding of the next steps needed to keep their organization safe from cyber threats.

Development and Implementation of Disaster Recovery Plans

According to the National Archives and Records Administration, 93% of companies that reported a data center outage of 10 days or more go out of business within a year. The need for a robust disaster recovery plan (DRP), from large enterprises to small firms, is more urgent than ever. Coordinated cybersecurity breaches and attacks impact businesses of all sizes, and the less prepared a company is to respond to an event, the heavier the business impact. Implementing a plan brings a multitude of benefits, including protecting data against the after-effects of natural disasters, reducing the impact of cyberattacks, and keeping confidential data safe.

Prudential Associates can provide your company with the strategic experience to develop and implement an evergreen disaster recovery plan. This process includes the following steps:

  • Establish clear recovery objectives
  • Identify all stakeholders
  • Help draft a detailed network infrastructure outline
  • Choose a data recovery technique (e.g., hard drive, RAID, tape, optical)
  • Define an explicit incident criteria checklist
  • Document the entire recovery procedure
  • Regularly test the DRP
  • Update the plan periodically

Development of Security Policy and Procedures

The protection of an organization's data and systems depends on creating, implementing, and adhering to a well-planned and documented set of security policies and procedures. A tenable security policy must be based on the results of a risk assessment; findings from an assessment give policy-makers an accurate view of the security needs specific to the organization. Regulatory and legal concerns, organizational characteristics, contractual stipulations, environmental issues, and associate input should all be incorporated into policy development.

Best practices deem it critical to involve a third party in the overall development of policies and procedures. Prudential Associates has the capacity and experience to work with clients of all sizes and provide end-to-end support: from conducting a risk assessment to developing a cogent cybersecurity policy and procedures that are manageable to implement and effective at combating a variety of threats. Our team can also provide relevant end-user training for your associates that educates them on the critical elements of the policies and enables compliance with all procedures.

Enterprise Security Gap Advisory

Conducting a gap analysis enables you to establish and meet cybersecurity goals and reduce risk to acceptable levels, but only if it is performed in a way that properly balances business needs, regulatory requirements, and industry best practices.

Prudential Associates brings years of experience advising clients on the full gamut of cybersecurity needs and challenges to improve their security posture. Using standards such as ISO 27001, we will develop a security architecture framework and then identify any gaps. From that point, our team of experts can create an implementation plan to address those gaps.

Incident Response Plan Development and Management

User Security Awareness Training

Do you know what the most common threat to your organization is? Your workforce! In the always-connected workforces prevalent today due to Covid-related work-from-home policies, attackers recognize that associates present a soft attack surface that makes exploits successful. More companies than ever before have employees working from home, which means extra points of entry for attackers. This is why Prudential Associates is at the ready to work with your cybersecurity leadership team to develop and administer a robust security awareness training program for your workers.

Our mission is to provide the guidance and knowledge that will ensure continuity and protection for your operations.

Important topics that we cover include, but are not limited to: phishing, social engineering, safe internet habits, mobile computing, incident reporting, and data privacy best practices. To boost retention and confidence, our team of experts typically recommends a multi-day training program or, better yet, a recurring cadence of training sessions designed to keep employees updated on the current state of threats and how to identify situations that lead to lapses in protocols. You can trust our years of experience in advising companies across multiple industries and verticals and setting up tailored security awareness training programs.